Comments attached to pages that inherit restrictions from parent pages seem to ignore the inherited permissions in the Confluence index.

Steps to reproduce:

1) Enable anonymous Confluence access
2) Create a space with anonymous access
3) Add a page and restrict view to confluence-users
4) Add a subpage
5) Add a comment to this subpage

The comment will appear in the dashboard recently updated list even for anonymous users. Trying to access it however will result in a credentials check.

The comment will also appear in any public RSS feed which only has "comment" in its type list. Curiously they won't appear if the feed is configured to filter other content types such as pages.

Adding a comment directly to the parent page which has the restriction set does not trigger this behaviour.